Ethical Hacking Module 2: Footprinting and Reconnaissance

Footprinting and Reconnaissance is another interesting topic that comes under the heading of ethical hacking module 2.

This module starts with Footprinting concepts and then describes Footprinting threats. After the threats, the methodologies of Footprinting are significant and should be considered in detail.

Module 2 of the ethical hacking course also focuses on:

Footprinting tools

Footprinting countermeasures

Footprinting penetration testing

Footprinting and Reconnaissance

With the passage of time, the significance of Footprinting and Reconnaissance is increasing; therefore both these concepts should be understood separately.

What is Footprinting?

Footprinting is a process in which six types of information gathering are performed.

Passive information gathering: Information about the target network is collected by using accessible public networks.

Active information gathering: Collect information about a target through social engineering

Anonymous Footprinting: Information is obtained from confidential sources in which the author of the information is hidden or unidentified

Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy

Organizational or confidential Footprinting: Gather information with the help of using organizations’ email addresses and web based calendars

Internet Footprinting: The internet is another source of attaining information about a target

Footprinting can be explained as the process of finding or examining as much information as possible about a target network. The first and foremost purpose of gathering this information is to use it to enter an organization’s network system.

The types of Footprinting mentioned above all collect as much information as possible by applying various attributes and processes.

Process of Footprinting

There are four (4) processes involved in Footprinting a target:

Collect Basic Information

Determine Operating System (OS)

Perform Techniques

Find Vulnerabilities

First, basic information is collected about the target network, and then the operating system in use is identified. At the same time, web servers and platforms are also analyzed. Various other techniques are applied, such as organizational queries, Whois DNS, and network queries. In the final stage, risks or weaknesses are identified so that they can be used to launch attacks against the target network.

Methods used in Footprinting

Footprinting can be performed in several different ways.

Footprinting can be done with the help of search engines, websites, Whois, emails, networks, social engineering and so on. It can also be performed through social networking websites, and Google can be used to conduct Footprinting as well.

Monitoring target through Alerts

Alert services examine or evaluate content and inform users by means of SMS or email.

Website Footprinting

During this process, the focus is on the target’s websites, so that attackers can map the website’s structure and architecture. After analyzing the websites, attackers may learn which software is in use, and the operating system and sub-directories of the websites can be identified as well. The website’s HTML source and cookies can also provide valuable information to attackers.
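A site owner can run the same review against their own responses. The following is an added example, not part of the original module: it checks one raw HTTP response for the items named above (software versions in headers, platform-revealing cookies, directory listings, HTML comments). The sample response and the cookie table are constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html

<html><head><title>Index of /backup</title></head>
<body><!-- TODO: remove test login before release -->
<a href="/admin/old/">old</a></body></html>
"""

# Session cookie names that identify the server-side platform (illustrative table).
PLATFORM_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java",
                    "ASP.NET_SessionId": "ASP.NET"}

def audit_response(raw):
    """Return (category, detail) findings for one raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    _status, _, header_text = head.partition("\n")
    headers = Parser().parsestr(header_text, headersonly=True)
    findings = []
    # Banners that include a version number tell a reader exactly what to look up.
    for name in ("Server", "X-Powered-By", "X-AspNet-Version"):
        value = headers.get(name)
        if value and re.search(r"\d", value):
            findings.append(("version-banner", f"{name}: {value}"))
    for cookie in headers.get_all("Set-Cookie", []):
        cname = cookie.split("=", 1)[0].strip()
        if cname in PLATFORM_COOKIES:
            findings.append(("platform-cookie",
                             f"{cname} reveals {PLATFORM_COOKIES[cname]}"))
    # Auto-generated index pages expose the sub-directory structure.
    if re.search(r"<title>\s*Index of /", body, re.I):
        findings.append(("directory-listing", "auto-generated index page served"))
    for comment in re.findall(r"<!--(.*?)-->", body, re.S):
        findings.append(("html-comment", comment.strip()))
    return findings

if __name__ == "__main__":
    for category, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{category:18} {detail}")
```

An empty result means the response carries none of these four kinds of leakage.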

Website’s Analysis and Mirroring Tools

There are different kinds of website analysis tools through which attackers can identify or explore vulnerabilities and the directory structure.

It should also be taken into consideration that website information can easily be explored through www.archive.org.

Email Footprinting

Emails can be used to find the physical location of an individual so that social engineering can be performed. In this way, the target organization’s network can be mapped to a considerable level.

Competitive Intelligence Gathering

This is another process, through which information about competitors can be identified, examined, and verified with the help of the internet.

Sources of Competitive Intelligence

There are different kinds of sources of competitive intelligence such as:

employment ads

social engineering employees

press releases

annual reports

newspapers

trade journals

patents and trademarks

product catalogues

Footprinting Through Google hacking methods

Google hacking is used to develop search queries that can be further utilized to explore hidden and sensitive information about the target organization’s network. Other Google hacking methods that should be analyzed because of their importance are vulnerable targets and Google operators. Vulnerable targets help attackers find risky targets. Google operators are also regarded as one of the most significant Google hacking methods, as they locate specific strings of text within the search results.

Google Advanced Search Operators

Google advanced search operators are:

[Cache:] Displays the web pages stored in the Google cache

[Link:] Lists web pages that have links to the specified web page

[Related:] Lists web pages that are similar to a specified web page

[Info:] Presents some information that Google has about a particular web page

[Site:] Restricts the results to those websites in the given domain

[Allintitle:] Restricts the results to those websites with all of the search keywords in the title

[Intitle:] Restricts the results to documents containing the search keyword in the title

[Allinurl:] Restricts the results to those with all of the search keywords in the URL

[inurl:] Res

Cache is helpful in displaying the web pages and links are sufficient in linking to the specific web page.

Finding Resources using Google Advanced Operators

{intitle:intranet inurl:intranet+intext:"human resources"}: this combination of Google advanced operators supports access to the target company’s private network. The purpose of this access is to collect sensitive information such as employee listings and contact details that are helpful for a social engineering endeavor.

Google Hacking Database (GHDB)

Advisories and vulnerabilities can be obtained from www.hackersforcharity.org, which also lists pages containing login portals.

Whois Lookup Online Tools

DNS Footprinting

Attackers need DNS information in order to determine key hosts in the network so that they can perform social engineering attacks. DNS records provide important information about the location and type of servers.
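Because public DNS records describe the location and type of servers, a zone owner can audit what the external zone publishes. The following is an added example, not part of the original module: it flags records in an external zone that point at internal addresses or names, or that publish host type. The zone data, the example.com names and the internal naming suffixes are constructed assumptions.

```python
import ipaddress

# Constructed external zone in "name type value" form (example.com is a placeholder).
EXTERNAL_ZONE = """
www.example.com.        A      203.0.113.10
mail.example.com.       A      203.0.113.25
example.com.            MX     10 mail.example.com.
fileserver.example.com. A      10.20.1.5
dc01.example.com.       A      192.168.10.2
example.com.            HINFO  "INTEL-386" "WIN32"
vpn.example.com.        CNAME  gw.corp.example.com.
"""

# RFC 1918, loopback, link-local and IPv6 unique-local ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]
INTERNAL_SUFFIXES = (".corp.example.com.", ".internal.", ".local.")  # assumed naming

def audit_external_zone(zone_text):
    """Flag records in a public zone that describe internal hosts or platforms."""
    findings = []
    for line in zone_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or line.lstrip().startswith(";"):
            continue  # blank line, comment, or incomplete record
        name, rtype, value = parts[0], parts[1].upper(), parts[2].strip()
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((name, rtype, "unparseable address"))
                continue
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((name, rtype, f"internal address {addr} in public zone"))
        elif rtype == "HINFO":
            findings.append((name, rtype, "publishes hardware/OS type"))
        elif rtype in ("CNAME", "MX", "NS", "SRV"):
            target = value.split()[-1].lower()
            if target.endswith(INTERNAL_SUFFIXES):
                findings.append((name, rtype, f"points at internal name {target}"))
    return findings

if __name__ == "__main__":
    for finding in audit_external_zone(EXTERNAL_ZONE):
        print(*finding, sep="  ")
```

Records flagged here belong in the internal zone only, served to internal resolvers.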

DNS Interrogation Tools

Network Footprinting

Here, network range information is obtained in order to develop a map of the target’s network. The range of IP addresses can be obtained by means of the ARIN whois database search tool. The regional internet registry can be used to find the range of IP addresses, along with the subnet mask, used by the target organization.

Operating System

The Netcraft tool can be used to establish the operating systems in use by the target organization.

The SHODAN search engine is helpful in exploring specific computers.

Traceroute

Traceroute works on the concept of the ICMP protocol and uses the TTL field in the header of ICMP packets to discover the routers on the path to a target host.

Traceroute Tools

These tools include Path Analyzer Pro, and VisualRoute 2010 is another such tool.

Footprinting Through Social Engineering

In this scenario, information is collected through eavesdropping, shoulder surfing, and dumpster diving.

Eavesdropping is an unusual or illegal way in which conversations are recorded. It can apply to any form of communication, such as video, audio, or written communication.

Shoulder surfing is a way of obtaining critical information in which the attacker looks over the user’s shoulder.

Dumpster diving is a way of looking for information in someone’s trash. Information such as phone bills and contact information can be used in this scenario.

Footprinting through social networking sites

Information in this type of Footprinting is collected with the help of Facebook, which is regarded as a treasure trove for attackers. There are 845 million monthly active users and 100 billion connections on Facebook. Twitter is also a very viable source of information, as 76% of Twitter users post status updates and 55% of users access their Twitter accounts from cell phones or mobiles.

Footprinting Tool

Maltego

Maltego is a program that identifies relationships and real-world links between people, groups of people (social networks), and organizations. Websites, internet infrastructure, phrases, documents and files can also be used to explore this kind of association.

Footprinting Countermeasures

The countermeasures are:

Keep internal DNS and external DNS separate

Directory listings can be disabled and split DNS can be used

Employees should be educated so that they know about social engineering tricks and risks

Unexpected input such as |;<> needs to be restricted.

Domain-level cross-linking should be avoided for critical assets

Sensitive information should be encrypted and password protected to a certain extent

Conclusion

In a nutshell, Footprinting is the process in which as much information as possible is collected about a target. During this process, attackers can use search engines to extract information about a target.


About Muhammad Haris

Hello guys, my name is Muhammad Haris, and I’m 24 years old, and I love to play cricket and football, and I love to share my knowledge to others. I have strong web development background with design and internet marketing experience.